instead of polluting devs machine, let's rely on a docker container
to spin up the service

relies on osixia/openldap:1.3.0. Customizes a few things:
- adds the seed on bootstrap
- does not enforce client certificate
- sets a hostname to avoid domain verification issues during handshake

The cert domain is also added to /etc/hosts

anonymous access is not enabled in this setup, so every test needs
to perform authentication first

I couldn't manage to get the container running with a cert
issued to a given IP, like 127.0.0.1 or localhost.
Instead, I specified a static hostname
(the container uses hostname to generate the cert)
and injected it in travis.

Unfortunately, in local development this means changing /etc/hosts,
but I feel that's a better option that having to install LDAP locally

so that all retcode tests succeed

it's a little price to pay in the current setup and allows us to
have the same tests locally and dev.

all environments run the same set of tests, no env specific test

so that we are able to run a test that does not specific CACERT
and so the library fallsback to system cert store

I'm not sure how to enable this in Travis

with the dockerized test openldap server, none of this is needed

the container uses HOSTNAME to generate the cert, and
it really didn't like "localhost" as hostname.

As a workaround, I had to add an arbitrary hostname. There may be other
alternatives to get the host to be known, but the most obvious
is modifying /etc/hosts

Co-Authored-By: Matt Todd <[email protected]>

h/t @mtodd